-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

================================================== ============
"Where does he get those wonders toys?"
-- The Joker (Batman 1989)
================================================== ============
Release Announcements
=====================

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all current
bug-fixes. Please read the changes in this section and for the
original 3.0.23 release regarding new features and difference
in behavior from previous releases.

Common bugs fixed in 3.0.23b include:

o Ambiguity with unqualified names in smb.conf parameters
such as "force user" and "valid users".
o Errors in 'net ads join' caused by bad IP address in the list
of domain controllers.
o SMB signing errors in the client and server code.
o Domain join failures when using smbpasswd on a Samba PDC.


Member servers, domain accounts, and smb.conf
=============================================

Since Samba 3.0.8, it has been recommended that all domain
accounts listed in smb.conf on a member server be fully
qualified with the domain name. This is now a requirement.
All unqualified names are assumed to be local to the Unix
host, either as part of the server's local passdb or in the
local system list of accounts (e.g. /etc/passwd or /etc/group).

The reason for this change is that smbd has transitioned from
access checks based on string comparisons to token based
authorization. All names are resolved to a SID and then
verified against the logged on user's NT user token. Local
names will resolve to a local SID, while qualified domain
names will resolve to the appropriate domain SID.

If the member server is not running winbindd at all, domain
accounts will be implicitly mapped to local accounts and their
tokens will be modified appropriately to reflect the local
SID and group membership.

For example, the following share will restrict access to the
domain group "Linux Admins" and the local group srvadmin.

[restricted]
path = /data
valid users = +"DOMAIN\Linux Admins" +srvadmin

Note that to restrict the [homes] share on a member server to the
owner of that directory, it is necessary to prefix the %S value
to "valid users".

[global]
security = {domain,ads}
workgroup = DOM
winbind separator = +
[homes]
valid users = DOM+%S


================
Download Details
================

The uncompressed tarballs and patch files have been signed
using GnuPG (ID 157BC95E). The source code can be
downloaded from:

http://download.samba.org/samba/ftp/

The release notes are available online at:

http://www.samba.org/samba/history/samba-3.0.23b.html

Binary packages are available at

http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE2KrzIR7qMdg1EfYRAgj6AJ9UIVGKL9shlm6+T8Do6M l6OgUCGACeOpWM
4ZywT0ysioV9hSR9DEXbbNU=
=Dm0v
-----END PGP SIGNATURE-----